6011 matches found
Updated osgi-core/apache-commons-compress packages fix security vulnerability
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CVE-2021-35515 When reading a specially crafted 7...
Updated ghostscript packages fix security vulnerability
Use-after-free in sampleddatasample called from sampleddatacontinue and interp. CVE-2021-45944 Heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp. CVE-2021-45949...
Updated suricata packages fix security vulnerability
Critical evasion in suricata CVE-2021-35063...
Updated squashfs-tools packages fix security vulnerability
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
Updated gnome-shell packages fix security vulnerability
Drop extra capabilities from gnome-shell. They're optional and they break shutdown from the login screen with new glibs. CVE-2021-3982...
Updated singularity packages fix security vulnerability
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root. CVE-2021-29136 Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifyin...
Updated libgda5.0 packages fix security vulnerability
Fix missing TLS certificate verification. CVE-2021-39359...
Updated ntfs-3g packages fix security vulnerability
Security vulnerabilities were identified in the open source NTFS-3G and NTFSPROGS software. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local acce...
Updated gegl packages fix security vulnerability
Fix shell expansion via crafted pathname in the ImageMagick convert fallback...
Updated log4j packages fix security vulnerability
Apache Log4j2 is vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed b...
Updated wireshark packages fix security vulnerability
Several wireshark vulnerabilities have been fixed. See the release notes for details...
Updated calibre packages fix security vulnerability
ReDoS vulnerability in htmlpreprocessrules in ebooks/conversion/preprocess.py...
Updated libtpms/swtpm packages fix security vulnerability
CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...
Updated nodejs packages fix security vulnerability
HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS. CVE-2021-22959 HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing...
Updated python-lxml packages fix security vulnerability
HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818...
Updated eclipse packages fix security vulnerability
Authenticate active help requests to the local help web server CVE-2020-27225...
Updated e2guardian packages fix security vulnerability
e2guardian did not validate TLS hostnames CVE-2021-44273...
Updated toxcore packages fix security vulnerability
stack-based buffer overflow in handlerequest in DHT.c CVE-2021-44847...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...
Updated golang packages fix security vulnerability
net/http: limit growth of header canonicalization cache CVE-2021-44716 syscall: don't close fd 0 on ForkExec error CVE-2021-44717...
Updated samba packages fix security vulnerability
Multiple security issues affecting ldb, samba and sssd. See references for details...
Updated lapack/openblas packages fix security vulnerability
Fixes out of bounds read issue in larrv functions CVE-2021-4048...
Updated webkit2 packages fix security vulnerability
Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. CVE-2021-30887 Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2021-30890...
Updated thunderbird packages fix security vulnerability
OpenPGP signature status doesn't consider additional message content. CVE-2021-4126 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. CVE-2021-44538...
Updated ruby packages fix security vulnerability
Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...
Updated ldns packages fix security vulnerability
Heap out-of-bound read vulnerability in rrfrmstrinternal function Heap out-of-bound read vulnerability in ldnsnsec3saltdata function Fixed time memory compare for Openssl 0.9.8...
Updated thrift/golang-github-apache-thrift packages fix security vulnerability
Malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...
Updated php packages fix security vulnerability
Out of bounds in phppcrereplaceimpl CVE-2017-9118 Multiple bugs fixed. See referenced changelog for details...
Updated netcdf packages fix security vulnerability
Multiple security issues found in ezXML, bundled in netcdf...
Updated x11-server packages fix security vulnerabilities
Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write CVE-2021-4008. The handler for the CreatePointerBarrier request of the XFixes extension...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a...
Updated apache-mod_security packages fix security vulnerability
Updated apache-modsecurity packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP...
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially...
Updated apache packages fix security vulnerabilities
Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Uni...
Updated log4j packages fix security vulnerability
Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...
Updated olm packages fix security vulnerability
Updated olm packages fix security vulnerability: The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...
Updated privoxy packages fix security vulnerabilities
Updated privoxy packages fix security vulnerabilities: A security issue has been found in Privoxy before version 3.0.33. geturlspecparam did not free memory of compiled pattern spec before bailing CVE-2021-44540. A security issue has been found in Privoxy before version 3.0.33...
Updated watchdog packages fix security issue
Updated watchdog packages fixes an issue with a memory leak when verbose mode is on...
Updated vim packages fix security vulnerability
Updated vim packages fix security vulnerability: vim is vulnerable to Use After Free CVE-2021-4069...
Updated log4j packages fix security vulnerability
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Updated dovecot packages fix security vulnerabilities
Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...
Updated botan2 packages fix security vulnerability
Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the...
Updated hiredis packages fix security vulnerability
Updated hiredis packages fix security vulnerability: It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies CVE-2021-32765...
Updated chromium-browser-stable packages fix security vulnerabilities
Updated chromium-browser-stable packages fix security vulnerabilities. The chromium-browser-stable package has been updated to 96.0.4664.110 version that fixes multiples security vulnerabilities. One of these CVEs is known to be actively exploited. Insufficient data validation in Mojo...
Updated mediawiki packages fix security vulnerabilities
Updated mediawiki packages fix security vulnerabilities: == Security fixes == T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322,...
Updated matio packages fix security vulnerability
Updated matio packages fix security vulnerability: A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case CVE-2019-20052...
Updated pjproject packages fix security vulnerability
Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get...
Updated keepalived packages fix security vulnerability
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...
Updated bind packages fix security vulnerability
Updated bind packages fix security vulnerability: Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service large delays for responses for client...